Five-year-old discovers Xbox Live security vulnerability

Each month, Microsoft recognizes security researchers that help make their online services safer by finding and reporting security vulnerabilities. The March 2014 list is seemingly no different than any other… that is, until you learn that a five-year-old is among those being acknowledged.

Shortly after the Xbox One launched late last year, the parents of five-year-old Kristoffer Von Hassel noticed he was somehow logging into his father’s Xbox Live account and playing games he shouldn’t have been. When confronted by his father, Kristoffer spilled the beans and showed his proud papa exactly how he did it.

After typing in the wrong password for the account one day, Kristoffer was presented with a secondary verification prompt. Apparently by entering only blank spaces then pressing enter, he gained access to the account.

The father and son team reported the flaw to Microsoft. It has since been patched and Kristoffer received four Xbox One games, $50 and a year’s subscription to Xbox Live from the Redmond-based company for his efforts.

In a statement on the matter, Microsoft said they’re always listening to customers and thank them for bringing issues to their attention. The message further reads that they take security seriously and fixed the issue as soon as it was brought to their attention.

This isn’t the first time that the youngster has uncovered vulnerabilities. According to his father, he managed to circumvent the toddler lock screen on a smartphone simply holding down the home button – at age 1.